Are you prepared for the next targeted attack?

By Mike Spradbery

As cyber attacks become more frequent and more sophisticated, CIOs need to stay one step ahead and feel confident that their organisation is doing all it can to prepare. Are you ready for the next attack?

For CIOs, adopting and integrating the latest technology alone is no longer good enough to protect businesses from security threats. They must work closely with business stakeholders, senior leadership teams and security leaders to ensure that the correct processes and strategies are in place if they are to protect their company and its data.

CIOs are already alert to the importance of security; it ranks highest on the list of challenges that keep them up at night. And they are right to be concerned. Organisations are not ready for the increasingly complex threats that we see, and can never be 100% secure. Security teams are also under increasing pressure due to tightening regulations and the widening skills gap – it’s estimated there will be 1.8 million unfilled security jobs by 2022. But with the right balance of new technology and well-defined internal processes, businesses can be ready to quickly detect and efficiently respond to the next attack.

Technology and tooling

There are three areas of technology that IBM believes will drive the next generation of cyber security solutions: cloud, cognitive and collaboration. All three will give organisations greater speed, agility and efficiency to fend off cyber criminals.

The cloud provides numerous benefits to businesses, from reduced costs and greater efficiency to flexibility and scalability. Security solutions delivered from the cloud are no exception – they can be rapidly implemented, scaled in response to changing business requirements, and frequently updated with the latest features and threat intelligence.

Cognitive technology is a game-changer for cyber security; it learns, understands, reasons, and can provide security analysts with real-time intelligence about security threats. IBM Watson for Cyber Security has been trained to understand security concepts and already has a corpus containing hundreds of millions of data points relating to malware, threat actors, vulnerabilities, IP ranges, URLs, and much more. Watson’s ability to analyse security incidents means that SOC analysts have the best tools to enable them to understand and respond to offenses in a fraction of the time it normally takes.

Collaboration is also critical to stopping modern cyber attacks. Cybercrime is increasingly organised and sophisticated, and hackers are choosing to attack businesses online for financial gain as a profession. Criminal networks have become tighter and attackers are sharing information, tips, tools and knowledge among themselves. Businesses must do the same to bolster their security capabilities even further – collaborating with industry peers and security vendors to share threat intelligence and best practice.

The power of cloud, cognitive and collaboration in fending off modern cyber security attacks is nowhere more evident than at Wimbledon. Global interest in SW19 peaks during the two-week duration of The Championships, and in 2017 the on-site security team tracked around 200 million cyber security “events” using IBM QRadar as the Security Information and Event Management solution. In addition, this year for the first time IBM Watson for Cyber Security, delivered at speed from the cloud, was on hand to help the analysts investigate the highest priority offenses. The team was able to scale with ease to meet the rise in threats, while cognitive technology helped them spot, analyse and block dangers before they took hold.

Process makes perfect

But the latest technology can only do so much. Without sound strategy and procedures in place, businesses are still at risk of potentially devastating damage when attacks occur.

Organisations must establish robust incident response processes if they are to respond well to assaults. As well as the obvious risk to company and customer data, industry regulators are now demanding that businesses report data breaches far faster than most are currently able to. The soon-to-be-implemented GDPR framework mandates that organisations must report issues within 72 hours. But, worryingly, a quarter of medium-sized businesses don’t even have a strategy in place yet. Perhaps even more concerning is the fact that it takes companies an average of 200 days to realise they have a breach, by which point the damage can be significant.

Incident response processes need to reach far beyond the IT department and should include data custodians, legal teams, PR/press officers, application owners, marketing, and business leaders right up to CEO and board members. Responding well to an incident can make a huge difference to the reputational and financial damage that can be caused by a breach. Once processes and incident response tooling are in place, teams must rehearse scenarios to truly assess their readiness and understand how to react to different threats. Knowing which security provider to call for assistance is no good if you don’t know the phone number; an incident response team is no good if they don’t know who can make business decisions based on incomplete data.

Business process provider Abtran delivers services to highly regulated clients across a range of industries, so protecting their data is of utmost importance. Abtran’s team of analysts must always stay a step ahead of threats – but with more than 45 million telephone calls, 25 million emails and 85 million transactions to manage during the course of a year, this is no mean feat. The security team uses cloud, cognitive and collaboration capabilities with IBM Watson for Cyber Security to ensure that it predicts, identifies, understands and then eliminates cyber threats before they have a chance to damage Abtran’s clients’ most valuable assets.

In modern business, there are more risks than ever before. But there are ways to mitigate risks for organisations that proactively prepare with the latest technology and robust processes. What’s the old adage – those that fail to prepare, are preparing to fail…?
